What? You can auth to booking.com with a password just fine (I just did it this morning).
Many sites have "magic links" (they sent you a link to login via email instead of having to write a in password), but there's almost always a way to say you want to log in with your password. Sometimes, especially for touchier things, there's MFA.
> Aside from the privacy issue of forcing people to attach an email or phone number or third-party auth provider to their every account
How do you login without an email, phone number or delegating to a third party? You perform a secret magic dance? Especially for something such as booking.com which more likely than not has your bank details saved, and can wreak havoc (cancel your bookings), I'm really not sure what you want them to do.
I was surprised when it happened to me too, but it seems to be an anti-feature that has been rolling out for some time now[0]. The ability to use a password has vanished completely.
The thing that makes it particularly egregious is that Booking.com is literally designed to be used on the road, from any location anywhere, on any weird device you might have access to at the time. There's no guarantee that whatever janky airport wifi allows IMAP, or that your phone can receive SMS in whatever country you're in. Forcing 2FA - or now apparently just the "1FA" of magic link/OTP - has made the service useless for its primary purpose.
[0] https://old.reddit.com/r/Bookingcom/comments/1hl055b/cannot_...
> whatever janky airport wifi allows IMAP
Bold of you to even assume the current generation of a 'decision makers' do know what IMAP is.